github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,484 Commits 55 Branches 109 Tags
a6d64bf615f9bce451bc5132f60a9bcfabb26901
Commit Graph

1209 Commits

Author SHA1 Message Date
Felipe Zimmerle
8bda7c0a45 Fix RULE lookup in chained rules. 2018-10-23 16:37:54 -03:00
Felipe Zimmerle
120108fd33 Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
a5a40a71a9 Makes matchedvars inline 2018-10-23 16:37:49 -03:00
Felipe Zimmerle
b58018e778 Fix multimatch behavior to match what we have on v2 2018-10-23 16:37:42 -03:00
Felipe Zimmerle
dba73f5367 Using values after transformation at MATCHED_VARS 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9 Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
3e8e28da48 Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8 Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Victor Hora
20ef01d75c Allow LuaJIT 2.1 to be used 2018-10-12 17:32:10 -04:00
Victor Hora
28f6f2201f Match m_id JSON log with RuleMessage and v2 format 2018-10-12 13:10:11 -04:00
Felipe Zimmerle
bc3d3f1915 Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
4dd2812757 Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0 Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
98b9ae659d Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266 Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
6f458b5203 Fix on top of jmx's m.setvar commit for USER collection in Lua scripts 2018-09-19 19:41:49 -04:00
jxm
45cdb0ed90 fix: function m.setvar not work in lua script 2018-09-19 19:34:13 -04:00
Felipe Zimmerle
c2bc695265 parser: Fix typo on SanitiseArgs 
Related to: #715 and #1889
 2018-09-12 09:37:34 -03:00
Felipe Zimmerle
9c73c09abd parser: Updates the generated parser file 2018-09-11 21:01:13 -03:00
Victor Hora
a719871458 Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Victor Hora
379f370095 Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 2018-09-11 20:52:30 -03:00
Victor Hora
0c0b09ec52 Use glob.h when using OpenBSD 2018-09-11 20:45:58 -03:00
Victor Hora
d97688804e Fix parser to support GeoLookup with MaxMind 2018-09-11 20:40:28 -03:00
Felipe Zimmerle
764a2e43ff parser: Fix simple quote setvar in the end of the line. 
Fix #1831
 2018-09-11 15:35:26 -03:00
Felipe Zimmerle
d7b9726357 good practices: Initialize variables before use it 
Original author: Marc Stern (#1889)
 2018-09-05 23:35:24 -03:00
Felipe Zimmerle
a85ca00a55 Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:01:11 -03:00
Victor Hora
aa158ceef3 Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
Victor Hora
f999f54eda Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Robert Paprocki
dee9898449 Implement support for Lua 5.1 2018-07-27 15:43:12 -04:00
michaelgranzow-avi
d810de9166 #1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97 Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Felipe Zimmerle
e51297b436 Improvements on top of #1787 2018-06-12 15:43:08 -03:00
Ervin Hegedus
edb5993d5f Fixed LMDB collection errors 2018-06-12 14:47:44 -03:00
Ervin Hegedus
4d0ca94490 Modified the false pos. UNMATCHED_BOUNDARY error flag 2018-06-12 01:09:36 -03:00
Ervin Hegedus
af4afd348c Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Reed Morrison
95048d5fcf Fix ip tree lookup on netmask content 2018-06-07 14:29:27 -03:00
Felipe Zimmerle
202a15bea8 Changes the behavior of the default sec actions 
Fix #1629
 2018-05-31 14:52:53 -03:00
Felipe Zimmerle
892beb5360 Refactoring on {global,ip,resources,session,tx,user} collections 
Now using the same name schema and interface for these "special"
collection.

Fix: #1754, #1778
 2018-05-29 23:48:05 -03:00
Felipe Zimmerle
f928e44765 Revert "Fix memory leak in msc_rules_* C APIs" 
This reverts commit 58701e7e11.

It was breaking the multi-thread examples.
 2018-05-28 18:59:55 -03:00
Wenfeng Liu
b85a645610 Fix race condition in UniqueId::uniqueId() 2018-05-28 18:09:50 -03:00
Wenfeng Liu
58701e7e11 Fix memory leak in msc_rules_* C APIs 2018-05-24 12:51:13 -03:00
Wenfeng Liu
45e531236a Return false in SharedFiles::open() when an error happens 2018-05-24 10:21:37 -03:00
Wenfeng Liu
fd9a161e74 Use rvalue reference in ModSecurity::serverLog to avoid string copy 2018-05-22 22:41:20 -03:00
Victor Hora
87e64e3c25 Actually fix setvar parsing of quoted data 2018-05-17 13:43:12 -03:00
Robert Paprocki
e4c822e663 Code cleanup: Initialize variables and others good practice 
- initialize invalid_countin UrlDecode :: evaluate
- Free resources before the process die (good practice)
 2018-05-13 17:08:07 -03:00
Felipe Zimmerle
42a472adbd Check if response body inspection is enabled before process it 2018-05-08 10:59:30 -03:00
Robert Paprocki
2669add8e0 Fix memory leak in processContentOffset 2018-05-03 15:10:01 -03:00
Robert Paprocki
cc72035034 Remove an unused variable 2018-05-03 15:10:00 -03:00
Victor Hora
5e40850697 Fix setvar parsing of quoted data 2018-05-03 14:40:48 -03:00